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(57) Abstract 

The present invention pertains to an electronic data access and retrieval system (20) comprising at least first (B) and second smart 
cards (A), a first card (B) being encoded with digital data fields representative of predetermined information and a second card (A) including 
authorization codes for enabling access to and authorized retrieval of selected information from digital data fields of the first card (B), 
and includes computer means (10) including means for displaying the access data. A method is also disclosed of operating an electronic 
secured access verification display system for displaying an indication of permissible and non-permissible access to facility of authorized 
personnel and for verifying the identity of such personnel by providing IDENTITY SMART CARDS, one for each authorized person, and 
an ACCESS SMART CARD to each authorized operator of the system. 
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DUAL SMART CARD ACCESS CONTROL ELECTRONIC 
DATA STORAGE AND RETRIEVAL SYSTEM AND METHODS 

This application is ~a continuation-in-part of U.S. 
Patent Application Serial No. 08/383,937, filed February 6, 
5 1995; which is a continuation of U.S. Patent Application 
Serial No. 08/352,837, filed December 2, 1994, now 
abandoned. 

A portion of the disclosure of this patent document 
contains material which is subject to copyright or mask 
10 work protection. The copyright or mask work owner has no 
objection to the facsimile reproduction by anyone of the 
patent document or the patent disclosure, as it appears in 

the Patent and Trademark Office patent file or., records , but 

otherwise reserves all copyright or mask work rights 
15 whatsoever. 

INCORPORATION BY REFERENCE 
The software utilized in the system and methods of the 
invention has been registered in the U.S. Copyright Office 
under Copyright Registration No. TX 3-639-032, which 
20 includes "Microsoft Access 11 under Microsoft License 
Agreement. The registered deposit for this copyright 
registration is available to the public for inspection and 
copy at the U.S. Copyright office. Applicants and their 
Assignee hereby incorporate herein by reference said 
25 copyrighted software (non-patent publication) . 

FIELD OF THE INVENTION 
It is most advantageous to have an automatic system 
and methods for identifying people or personnel and 
providing secured access to a facility of authorized 
3 0 personnel upon verifying the identity of such personnel. 
What is clearly needed is a means of, and methods for, 
providing automatic, rapid and positive verification of 
persons who previously have been authorized access to 
secured areas. 

3 5 The present invention system and methods have various 

market applications, one being a race track facility 
operation having various types of employees and 
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Participants, such as pari-mutuel employees camina 
employees, iockevs *nim=,i "F-i-oyees, gaming 

etc > and ' (thorou * h ^ed, greyhound, 

and others, and it ic r»^^^ 

peoole so i- ha , desirous to license these 

iy«upj_e so that you can mni-mi , , . 

» v arious respect y ive ~ are ;r :r p ;:: ive aocass to 

facility. ° f the race tra <* 

system for displaying In T£ IT"""" - ri «=«io„ display 
steps of: - Personnel, comprising the 

one for -rr^^V."" "« " 

one field of digita! data " ^ 

identity and U^^J^^T^ PerS °" al 

iai information and a dicH*--..^^ 
Photograph indicative of each authorized person; 

operator oTT 1 " 9 ™ °"* to ^ Ch ^orised 

operator of the system, eaoh ACCESS card at least h.1, 

encoded with control data elements mandatory to operate the 
Z TacUity P o7 P T iSSiWe ^ — ^sihle'access to 

^^^^rs^sr r in9 an ™ 

oerson »„h • identity of each authorized 

person and optionally containing at least one field of 
digital data which in turn can be accessed by at least one 
other access card in a hierarchy; and 

card l\ lnSe " ing into the dis Play system an ACCESS smart 
card and one of the piurality of IDENTITY smart cards to 

facfli* PermiSSlble *»* "on-permissible access to tne 

a PC or ' PL 0 ' °r lly ' Pr ° Vlding ^ Permissibility in 
« PC or PROM enabling reading of at least one field of 
digital data from the inserted card. 

Furthermore, the following method steps are also 
incorporated into the invention: 
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a) upon the occurrence of insertion into the system 
of both the ACCESS card and the IDENTITY card, 
electronically reading the ACCESS card or the enabled 
system and determining which fields of data of the IDENTITY 
card are to be displayed, reading such determined fields of 
data from the IDENTITY card and displaying the determined 
fields of data of the IDENTITY card; 

b) determining if the IDENTITY card inserted into 
the system is allowed access to the facility by comparing 
secured area assignment data contained in the ACCESS card 
or enabled system with secured area assignment data 
contained within the IDENTITY card; arid "" " 

c) displaying permissible access and non-permissible 
access messages dependent upon verifying both the identity 
of the IDENTITY card holder and the acceptance of the 
IDENTITY card by the ACCESS card or enabled system by the 
authorized operator of the system. 

The method invention further includes the step of 
encoding each ACCESS card with authorization codes for 
enabling retrieval of selected data field information from 
the IDENTITY card. 

In the method described, an access smart card may be 
programmed to also function as an identity card with data 
fields which can be accessed by yet another "access" card. 
This sequence can be extended so that a hierarchy can be 
established which permits access to lower level access 
cards and even first level identity-only cards. The 
functions of each card can be multiple. 

Likewise, at any point in the hierarchy established, 
the function of a single or even a plurality of access 
cards may be performed by a PC disk drive or PROM device. 
The use of local area network can therefore serve multiple 
user card readers. Also, the fact that a single card, 
whether a user card or access card or a multiple function 
access/user card, can contain multiple data fields 
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accessible only b y preselected hierarohal 

either on a card nierarcnal access present 

Pewits layer 0 ~ " \ P ° <U " t ^ « - E P R0 „ 

well as Jeral ret LI"! 2 ™ " 

5 ••identity" are used h ^ tan " " aC ° ess " and 

optionally conte^r; 1 "' ^ is 

Preset aec!~ ^t ~ 
card can be enableT to ! * yStem ' " *"~ 

rr atr— : a £° 

levels. r dlffe rent hierarchal 

access oard must b e inserted r T ^ 
20 system prior to the acce P ted the 

Without a valid aoceslcarrtr 0 ' 

The user card Identity card is useless. 

i e mlo bS «"*»*»•<» Of non-I.c. cards 

oar'lJ, ^ ° ardS ' ° PtiCal Cards ' «9-tic stripe card!' 
bar codes a„ Q mu itlpl e dimension ^ OQd P * <= a ^ 

The access smart card may, i„ certain 
concealed in a device ± * ln cert «« Situations, be 

r ana read/write access to the nprH'n^f ^ u 
0 user/identity card , regardless or " ^ 

operator is present. " heth6r ° r not a " 

Smart cards offer the user or issuer - 
maintaining one or more portal ^ 
systems. The contents of the databases Z L 
a number of different „ aCaDases oa n be secured in 

different ways, depending on the value of this 
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information to the card issuer, card holder and/or system 
sponsor. This "value" can only be determined once the use 
of the card is known. The more uses the card accommodates, 
the more valuable the information contained on the card is 
likely to be. 

Smart cards are used to store and/or process 
information. The types of information stored on smart 
cards and how that data is used generally defines the 
application that the card is being used to accommodate. 
For example, in a stored value application, the information 
maintained by the card is monetary value. in a loyalty 
application, the information could be points redeemable for 
gifts or prizes. if the application is to secure physical 
access to a building or plant location, the information is 
the exact location where the card allows or denies access. 
Information types must be known before their value can be 
assessed. 

Information types can be designated as read only, add 
only, limited access and no access information. "Read only" 
2 0 information is fixed like printed words on a piece of 
paper, allowing anyone to read it but preventing any 
manipulation of the information. "Add only" means as long 
as room exists, more information can be written to the card 
but no information can be removed. This is like engraving 
25 pictures or words on a stone. "Limited access" is data that 
can be modified or erased, like writing on a blackboard. 
This also implies that as long as sufficient "room" exists, 
data can be added. Finally, "no access" is information that 
can never be revealed but is needed by the smart card in 
30 order to process the data in the way designated by the 
application developer. 

Smart cards allow information to be freely distributed 
yet only accessed by people who are authorized. This 
ensures that only authorized people get access to certain 
35 information held in smart cards. For example, the first 
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car. , is issued by the System Sponsor to employees or agents 

nj.y De read and/ or manipulated when tho 
appropriate Access card is present nt-hf ■ 
r*^>->3 ^ . present. Otherwise, the Uspr 

user IT* ^ lnaCtlVe a " d is « *~ t° the 

user without the appropriate and authored Access Card 

the data head in the User/Identity card is inaooessihie ' 

implemented in £ system T ^ 1PPli =" io " 

application retires s^ a 

update a„*, specific Access Card in order to 

15 f^e a ^: r . aPPend i-*«»-tio„ to the User Card.s data 

reared in of e » pl ^er.s Access Card would he 

rlZ " t " ° aCC6SS lnf ° raatt °" °» <*e Employee's 
Identification or User's Cai-rt m,,,..- , p ' s 

stored on tn- T Multiple employee databases 

stored on the employee's Identification Card requires 
different employer issued Access c.r-rt= * ^ requires 
20 make inquires. f ° r tha ™P^« to 

Multiple applications running on SBart 
tech„ ologies is a funotion Qf ^ " ^ 

system sponsor. if the sponsor elects to sell off varies 
portions Of the chip's directories, multiple a^L™ 
» can b e programed fco most mioroprocessor P PPl z iCatl °- 

— cormrr rr- appiicati ° ns - - * 

nations is „ ot ^ ^onTthe 

0 busine Ctl °" al9 ° ritteS but 1° I" a function of the 
business case for the card issue or system sponsor. 

on sinoT"' /" ° aSeS Where mUltiple W"cations reside 

z:?r ~ ca r 0 ch r;r r r process d — 

create firewalls between 
applications with this protection, the likelihood of 
> issuing multiple application smart cards increases. The 
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Dual Card process lowers the risk of privacy breaches or 
security fraud. 

The Dual Card process supports a variety of security 
options including detachable, scaleable and moveable 
5 schemes. Each application can have different levels of 
security based on the application's predefined 
requirements. Access to any one database associated with 
any one application can be secured from other databases 
and/or applications residing on the User/ Identity Card. 
10 The Dual Car <* process can work with whichever type of 

security is desired by the sponsor. This includes RSA, 
DES> triple DES, or other cryptographic solutions in use 
with smart card technologies. 

The Access Card can be programmed to control physical 
15 access to secure areas within a facility. Access Cards can 
also be used to control the addition, modification and/or 
deletion of applications as well as database information on 
User Cards. This can be accomplished on the fly, meaning 
the system operator can make these adjustments during 
20 normal User Card use. Access cards can also be used to 
define data fields on User Cards, define access rights of 
operators or system sponsors to particular data fields on 
User Cards, create different levels of security between 
different applications or databases on JJser Cards, and 
25 accept downloaded audit trail information from User Cards. 

Auditing is an important and unique capability of the 
Dual Card process. The Access Card can store transaction 
data. This data can be used for auditing purposes, and 
also may help detect and/or prevent fraud, depending on the 
30 application. 

Access Cards can be made to expire and/or can be 
PIN/password protected. Depending on the application (s) or 
requirements of the system sponsor, Access Cards are issued 
under tightly controlled conditions. The Access Card 
remains unusable until the correct PIN is entered or, in 
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the case where the card has expired, until the card is 
reactivated by following the correct operating procedures 
as determined By the system sponsor/operator. 

or T ,T l Pr ° CeSS 1S *-«'«*•»* in the protection 

of cardholder privacy when multiple applications reside on 
the card. Sln ce the system sponsor writes the rules for 
accessing information, cardholders are protected 



^ w c= prutecrea from 
groups attempting to access this information outside the 

10 nil I ^ SP ° nSOr - *~« =P-ifio to 
10 applications, create fir^n,. , . 

£lrewalls between each application 
preventing unauthorized access to information. 

'"' 7 M " ltiple aPplications ^ Programmed onto smart card 
technology m three situations: 

15 1 ' mult± P le s ^em sponsors agree to share the costs 

° f C3rd issuance and infrastructure improvements; 
2- a single card issue or system sponsor has a 
business need for more than one application; or 
3. a single card issuer or system sponsor acts as 
20 agent f ° r »«ltiple organizations interested in 

having the card perform certain applications. m 
this case, the system sponsor essentially sells 
off real estate on the chip to all and any 
interested customer (s) . 

25 aml . L ^ ering 1S 3 °° lned te ™ *> represent the multiple 
25 applications that can be stored in smart card chip 
directories. Each directory stores an application database 
or layer, and each can maintain individual applications as 
demanded by the system sponsor. To access these 

0 o n"" reqUlreS ^ ° f a " auth °'i~° A~ess Card, 

only the system sponsor (or the system operator under the 
direction of the system sponsor, can issue and authorize 
Access cards to access these various databases. Layering 
therefore protects the User Card's database from viewing or 
access by unauthorized persons. 
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To reiterate, a long-felt need has existed to provide 
an electronic data access and retrieval system and a method 
for accessing and retrieving digital data information from 
persons by authorized operator/officials of a secured 
5 access facility, and for various other purposes. 
Accordingly, the present invention further provides an 
electronic data access and retrieval system comprising: 

at least first and second smart card means, a first 
card being encoded with digital data fields representative 
10 of predetermined information and second card means 
including authorization codes for enabling retrieval of 
selected information from the" " first card, the second card 
means can be a dedicated integrated circuit chip in a PC or 
EPROM; 

15 computer means including display means for displaying 

accessed data and having at least first and second smart 
card read/write means operatively connected to the computer 
means for reading data fields from and writing data fields 
to the first and second smart card means; and 
20 whereby when the first smart card is placed into the 

first read/write means and the second smart card 
communicates with the second read/write means, authorized 
retrieval of at least some of the data fields contained in 
the first card is enabled and displayed. 

The inventive method of the above-referenced accessing 
and retrieving digital data information system comprises 
the steps of: 

a) encoding a first smart card with at least one 
digital data field representative of predetermined 

30 information; 

b) encoding a second smart card or a reader capable 
system with authorization codes for enabling authorized 
retrieval of one or more selected data fields of 
information from the first card; 
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c) electronically reading the authorization codes 
from the second smart card or reader enabled system and 
retrieving selected information from digital data fields 
contained in the first smart card; and 

d) displaying the selected information. 



The foregoing and other objects/ "features 



advantages of the invention will be apparent from the 
followxng more detailed description of preferred 
embodiments and methods of the invention, as illustrated in 
the accompanying drawings. Throughout, where a read 

^ tl0nality iS dSSCribed ' * is contemplated that "read" 
and/or "write" capability can be incorporated. 

For the sake of brevity, a brief summary of the 
invention system and methods is presented hereinbefore and 
is not presented separately. 

BRIEF PKSCRTPTTION OP <v V * P PMn Hr- 
FIG. i shows one preferred embodiment of the system 
invention applicable to an authorized racing tracJc 
operation. y 

20 FIG. 2 depicts the FIG. i system which cannot be 

operatxvely enabled without the use of an ACCESS card 

FIG. 3 illustrates a FIG. i system operation display 
message which occurs when an unauthorized ACCESS card is 
used with an authorized IDENTITY card. 

25 _ FIG ' 4 Sh ° WS a s r stein embodiment applicable to an 

authorized Driver's License information access and 
retrieval operation. 

FIGS . 5A, 5B and 5C graphically depict, in exemplary 
form, an ACCESS smart card A, an IDENTITY (License) smart 
card B, and a MASTER smart card C, each of which 
incorporate firmware shown a Al, Bl and CI, respectively 

FIG. 6 is a flow chart diagram showing a system 
operation to display IDENTITY card data. 

FIG. 7 is a flow chart diagram showing a system 
operation for issuing IDENTITY (License) cards. 
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FIG. 8 is a flow chart diagram showing a system 
operation to issue ACCESS cards. 

FIG. 9 depicts, in graphic form, a dual-card ACCESS 
smart card issuing station. 
5 FIG. 10 depicts, in graphic form, a dual-card IDENTITY 

smart card issue/update station, the updating function 
being almost identical to that of FIG. 7 except the system 
checks that the identity card has been written to. 

FIG. 11 depicts a single access card accessing a local 
10 area network. 

FIG. 12 depicts a PC or EPROM operating in an access 
modiality. 

FIG. 13 depicts, the multiple data fields layering 
capability of a dual card system. 
15 DESCRIPTION OF I NVENTION SYSTEM AN D METHODS 

The dual-card inventive concept of ACCESS cards and 
IDENTITY (License) cards are utilized in tandem to supply 
the functionality of the system. 

FIG. 1 shows a preferred embodiment of the system 
2 0 invention applicable to an authorized racing track 
operation, wherein computer 10 includes a display 20, 
ACCESS card reader 3 0 for ACCESS card A is connected via 
communication link (line) to computer 10 via a parallel 
port means, and IDENTITY card reader 40 for IDENTITY card 
!5 B is connected via communication link/line 60 to computer 
10 via the parallel port means. 

The system of a preferred embodiment constructed in 
accordance with the present invention and methods, and 
described with reference to the respective drawings, can be 
0 constructed from the following Table, which lists examples 
of the depicted components: 
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20 



25 



TABIiR & 

PC computer stations lo Gateway 2000 



486/dx2/66V 
having two RS-232 
Serial Ports and a 
Parallel Port 



Two 9600P smart Card M(=t _ n . 

Readers 3 0 and 4 0 Datacom 96 OOP 

10 ACCESS Smart Card a <, 

A Smart Card with 

Motorola sc-21 chip 

IDENTITY Smart Card B „ a . 

Smart Card with 

Motorola SC-ii chip 



tech T lnVentl ° n System " d ^thods utilize smart card 
technology components which may be defined as a card 
component that incorporates an integrated circuit chip 
tberein ( lc chip, as set forth above with respect to ACCESS 
smart card A and IDENTITY smart card B. An accepted 
rndustry-wide definition of a "smart card" is a credit carl 

chin d 7 h 1C t e/COTPOnent containing an embedded microprocessor 
cnip that stores info»-» a fi^ . . 



stores information for retrieval, which 

. ls the ke r t° writing and reading all 

information stored in the IDENTITY card B. without a 
suitable ACCESS card, updated information cannot be stored 
inac k, DEHTITY eXlStln * i^ormation is 

reauir ^ ~" *° «» ^—tion 

requirements of the individual issuing the IDENTITY cards 

and each operator of the system has . an ACCESS card which 

determines which fields that operator is able to write to 

procedures being described in further detail hereinafter! 
along with a MASTER card feature. 

For each secured area access, a plurality of IDENTITY 
smart cards are issn^n ™« * , uia 

s are issued, one for each authorized person, and 
each is encoded with diait-*i 

digital data representative of 
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personal identity and including official information and a 
digitized photograph indicative of each authorized person. 
Also, a photograph of the authorized person can be 
imprinted on or affixed to the face of an IDENTITY card. 

An ACCESS smart card is issued to each authorized 
operator of the system station located at the secured 
access area and each ACCESS card is encoded with control 
data elements mandatory to operate the system station to 
display permissible and non-permissible access to the 
secured area of each authorized person having an IDENTITY 
card indicative of the identity of each authorized person. 
The ACCESS card A importantly includes authorization codes 
for enabling retrieval of selected information from a 
compatible IDENTITY card B. 
15 When the ACCESS card is inserted into read/write 

component 30 and the IDENTITY card B is inserted into 
IDENTITY read/write component 40, and these cards are 
compatible with each other as to accessible fields of data, 
the authorized information is read from the IDENTITY card 
2 0 and displayed on display means 20. Depending on the type 
of accessible fields of data information, or profile, of an 
individual's ACCESS card, the user /holder of the ACCESS 
card can be limited to the fields of data that are to be 
written to or read from the IDENTITY card. The controlling 
25 "profile" resides in the ACCESS card. Thus, as shown in 
FIG. l, compatible ACCESS and IDENTITY cards have been 
inserted into the respective readers and the system is 
enabled to retrieve selected information from the IDENTITY 
card that is displayed on display means 20. 

One of the features of the system invention pertains 
to having an ACCESS card encoded with control data elements 
mandatory to operate the system station to display 
permissible and non-permissible access to a secured area. 
These control data elements of the card's operating system 
that reside in the ACCESS card are encoded data containing 
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information on how to read and write to the IDENTITY card 
which also allows aotivation of a set of instructions that 
can reside in the ACCESS card, in the hardware, in the 
software in the computer 10, or any combination thereof. 
■ A different ACCESS card will be able to read different data 
fields in an IDENTITY card if it is programmed to do so 

. f irsT t "t th r SPeCt ^ PIG ' 2 ' £ ° r eSOh SySt ** °P-ation 

ACCESS card T " """" ^ ACCESS Car<3; " » 

ACCESS card is xnserted into the ACCESS card reader 30, 

contained" ^T" " "* enabl£d; ^ information 
oontaxned xn the IDENTITY card cannot be read and 

displayed, and a display" mess™ ^ «. 

pAay message of "insert ACCESS card" 
occurs on the display. 

With the inventive system, the authorized operator of 
the computer 10 station located at the entrance to a 
secured access area is able to peruse personal or history 
data contained in the assigned data fields of the IDENTITY 
smart card. In the racing track application/ 

authorized operator can view information encoded on the 
IDENTITY card, which could include information as to the 
various states in which the holder of the IDENTITY card is 
licensed, as well as anv n^npn +■„ 

„ any P en alty information that that 

infT" re ° elVed ^ re9ard to "oing, — other 

information xncluding date of birth, height, weight 
address, etc., of the IDENTITY card holder. ' 

FIG 3 depicts a FIG. 1 system operation display 
message whxch occurs when an unauthorized ACCESS card is 
used wxth an authorized IDENTITY card. Accordingly, when 
Zl^TLT " IDENTITY card conflict, not matching 
correct fields, an error message appears describing the 
mismatch, and only inserting the matching cards allows 
activation of the system station. 

FIG. 4 shows a system embodiment applicable to an 
authorized Driver's license information access and 
retrieval operation, another application of the present 
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system and method. Thus, by changing and appropriately 
programming an ACCESS card means, the entire Card Operating 
System can be changed without any hardware modifications, 
which affords easy functionality and added capabilities. 
5 Now with respect to FIG. 5, an exemplary showing of 

smart cards utilized in the present system and methods, 
each of the cards incorporate firmware Al, Bl, and Cl, 
respectively, for the ACCESS, IDENTITY and MASTER cards, 
the latter of which will be described hereinafter. 
10 FIG - 6 Provides disclosure of a flow chart diagram 

showing a system operation to display IDENTITY card data. 
As shown, an ACCESS card is inserted and an IDENTITY card 
is inserted, the ACCESS card is interrogated to be 
compatible or non-compatible with the inserted IDENTITY 
15 card, and, if compatible, field definitions and assignment 
and authorization code fields are read from the ACCESS 
card, an access decision is made and, if allowed, selected 
information from the digital data fields of the IDENTITY 
card are displayed. 
20 Various advantages are created and are available 

within the invention system and methods, some of which are 
as follows. 

ACCESS control cards permit or deny access to the data 
contained within an IDENTITY card. These parameters are 
25 established by the person who owns and/or administers the 
system. Dual-card access control allows an administrator 
graduations of authority to thereby provide various levels 
of security and access to various operators, employees, 
etc. 

An individual's ACCESS card allows variable levels of 
security. This permits access to certain data stored on the 
card defined by the administrator. For example, a security 
guard may only see a picture for positive ID 
(identification) of an IDENTITY card holder and determines 
whether the individual card holder has permission to enter 
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an area. 



35 



However, the supervisor of a security guard may 
have a differently encoded ACCESS card with a higher level 
of security, which would allow the supervisor to view on 
the display not only the picture of the IDENTITY card 
* holder and access permitted, but also a display may be 
obtained of an IDENTITY card holder's personal data, such 
as address, phone, rulings, etc., which are on file in the 
IDENTITY card data fields, all of this occurring when the 
supervisor places his particularly programmed ACCESS card 
10 into the invention system. such capacity, therefore, 
satisf.es various issues as to personal privacy, and this 
feature of the invention can thus provide a plurality of 
dxfferent ACCESS cards, each one of which may contain 
dxfferent levels of security access to the information 
15 contamed within an IDENTITY card carried or worn by 
persons, employees, etc. 

The invention system also allows the communication of 
messages through the system on a one-to-one or group basis 
and a message list can specify which messages are to be 
-0 displayed when an individual's IDENTITY card is inserted 
into the respective reader component. 

From the foregoing, one can clearly imagine various 
other applications of the system and methods provided 
herein, such as licensing professionals, providing medical 
5 histories inclusive of allergy parameters for each card 
holder, patron tracking, and any other kind of licensing or 
personal history data information. 

FIG. 7 is a flow chart diagram showing a system 
operation for issuing IDENTITY (License) cards. As shown 
-> therein, an ACCESS card is used to issue a License card 
and, upon insertion of both cards, a password is entered 
and, xf the password is acceptable, a query is made for 

"Are fields writeable?" and if on = ^ . . 

xe - ana ' lf s °. a decision is made as 

to the acceptance of the IDENTITY card and, if 0K data 
fields of information are written to the IDENTITY ' card, 
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such being checked for any errors or problems; and, if yes, 
the error is displayed; and, if no, a display results and 
the operation is terminated. 

FIG. 8 depicts a flow chart diagram showing a system 
5 operation to issue ACCESS cards and, as shown, a MASTER 
card is utilized. The MASTER card contains information on 
how to program the ACCESS card and, without a MASTER card, 
no ACCESS cards can be issued. Accordingly, both the 
MASTER and ACCESS cards are inserted, an appropriate 

10 password is entered, a decision is made as to the 
acceptance of the ACCESS card, and, if not, a display error 
occurs, and if the ACCESS card is accepted, then data 
fields including authorization codes are written to the 
ACCESS card, where after the written fields are checked for 

15 error and, if yes, the error is displayed, and, if no 
problems are found, the display renders a successful 
message . 

FIG. 9 depicts, in graphic form, a dual-card ACCESS 

smart card issuing station within which a system function 
20 of FIG. 8 is accomplished. As shown in FIG. 9, the MASTER 

card and ACCESS card are inserted into their respective 

reader components A and B, which are respectively connected 

to the COMl and COM2 serial ports of computer 10. 

API/Verifier included in computer 10 represents 
25 "Application Programming Interface/Verifier" which 

constitutes software residing in the PC computer 10 for the 

Card Operating System. 

FIG. 10 depicts, in graphic form, a dual-card IDENTITY 

card issue/update station, the updating function being 
3 0 almost identical to issuing IDENTITY cards, except that the 

depicted system checks that the IDENTITY card has been 

written to. 

The disclosure set forth herein above, with reference 
to the drawings, and the incorporation by reference to the 
35 copyrighted system program, will enable any person skilled 
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Z2Vll to T chthis lnvention pertai - a„ d 

pT: L: d her i: te v t n ™ anoe with 016 

in the art th ; alS ° be ° bVious to one «««•<» 

~ r°: iink ~- - u e t s u~ other 

a „ * ' " 1S a PP««nt that there has been provided in 
accordance with the »v=t.» • HJ-oviaea, in 

electronic data access TZr™^ " 
10 accessing an d retrieving J^HLl T " """" ° f 

applicable to the operation If "formation which is 

verification hi , PSratl ° n ° f an electronic secured access 

" " ^ SyStSm ' ^ that f ^ satisfies the 
ob D ectwes, aims, and advantages set forth above It is 
also further apparent that- ™* It: 15 

15 IDENTITY card/ ACCESS card ° Pa "«°- *« issuing 

IDENTITY smart cardTssuing ^at T'^ °* 
disclosed. 9 Statlons ha ™» been shown and 

The following Examples narrate a series of 

» =rr„ I: r^;r. — - ~ - - ~ 

Examp le i 



in a 



* f fMt0ty employee named Sam working 
manufacturing plant 

elements on his smart card XT ^ £ ° ll0Kin9 ^ 
25 identification badge: ' ^ " " iS 

• Identification Data including photo; biometric 
data might also be encoded- 

• code, Provlding Limite<J Ao=ess fco physiMi a ^ 

facnme n sr CtUrer ' S ° r """^ «W. 

• Money for vending machine use and cafeteria 
purchases on manufacturer's or manufacturing 
company's premises; there may also be other uses 
for money in the manufacturer's or manufacturing 
company's plant depending on the level of 
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services manufacturer or manufacturing company 
wants to provide to their employees (e.g., stamp 
machines, pay phones, etc.); and 
• Health Data including blood type, allergies, 
5 chronic maladies, past medical procedures, 

medications, etc. 
The manufacturer or manufacturing company, the system 
sponsor, wants to allow Sam's card to be used in vending 
machines for small change purchases, making things easier 
10 and quicker for Sam (which, of course, benefits 
manufacturer or manufacturing company) . For this 

application, - the - smart card is configured to act as" an 

electronic purse. The manufacturer or manufacturing 
company arranges for their vending machines to be equipped 
15 with smart card readers. The smart card reader installed 
in the vending machine contains information normally 
encoded on the Applications Card, thus allowing the User's 
Card to be used as an electronic purse. 

After getting his coffee from the vending machine, Sam 
spills it and burns himself badly enough to seek medical 
assistance. Sally, in the nurse's office, uses Sam's card 
to positively identify that Sam is who he says he is (she 
puts the card into an access device or reader and 
immediately sees Sam's face in a picture on her PC screen), 
that Sam has Type A+ blood and that he's allergic to 
penicillin. Since Sam also stuck himself with his pencil 
when he spilled his coffee, Sally can see that he's current 
with Tetanus vaccine, thereby protecting manufacturer or 
manufacturing company from some potential future 
30 litigation. Sally can access this data because she has the 
correct Application card. However, Sally cannot see how 
much money remains on Sam's card, nor can she tell which 
inventory control areas Sam has access to, nor can she see 
any personal information required by manufacturer or 
manufacturing company as particular to Sam's employment. 
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make h that Sa, " e Sa ™ " eedS to visit P^nnel to 

Z TLr 7 ^ 4 ° 1K Pr ° gran - s — ^i-d Dan worKs 

5 ITsJZ. A'. H °" eVer ' Da " Cann0t "" d ° ut «-* Sam was 

Dan fi d £arlier that day f ° r treatMent, nor can 

Dan f lnd out hou ,„ uch money ^ ws ^ 

invet"' CaIU10t aCCSSS Sam ' S «™ *° «»■ ~t which 

inventory control areas San, has access. Too bad, since Dan 

was wanting to as, Sam whether he could get Dan's „7f a 
10 customized front grille to her old car 

for Kh Tch%r narl0 rePeatS itSe " " lth ^ application 

to pTt teTr 6 ~~ mer M -~^ =» Wy decides 

case the T TT *" "« h ^hetical 

case, the manufacturer or manufacturing company has decided 

^."r-r 1 "ecause they recognise cost 

err ^rrariVr" 16 ^' privacy and — 

r necessarily see a revenue generator for this 

card lt they may ^ think ^ 

the retailer m our next example. At any rate, even used 
20 -ternally, this card oeco.es win-win f or the ™ 
sponsor, card holder and all who interact with the card to 
make their jobs more productive. 
Example p > 

June is a housewife (meaning she works in the home 
2, rather than cut of it, . she receives a smart card from the 

^th " here USUaUy Sh ° PS *• *ain is 

usrng the card as their freguent shoppers card, check 
cashing card and as a means of tracking and storing unique 
purchase items found in June's shopping basket. m this 
30 way, the chain can reward June for shopping at their store 
and provide her with cents off coupons when she buys any 
Product that the chain has decided -qualifies- as unique Z 
matter at which of the chain, stores June happens to snop 

.s regard'trthTrj:; 1 :: z^r 1 " m chain - 

t-ore at which she happens to shop, the 
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clerk asks June for her card at check-out. When the card 
is inserted into the reader, the list of unique items 
purchased during June's last two trips are stored in EAR 
memory, uploaded from the card's secure storage area. The 
reason the card allows access to this information is that 
the store's EAR has requested authorization from its host 
or store controller. Housed in this controller is the 
Application Card for the chain's loyalty program. 

It is important to realize that this same Application 
Card could have resided at the check-out lane in a second 
card reader connected to the EAR. As June's card is 
inserted in the "cardholder's reader", the clerk would 
insert the Applications Card into this second reader. This 
would authorize the clerk to view the contents of June's 
15 card. 

However, due to security reasons and other economic 
and operating conditions, the chain wanted the Application 
Card to remain resident at all times. The best way to 
ensure that condition, the chain reasoned, was to keep the 
20 Application Card "centralized" back at the store's 
controller or chain's host. 

As the clerk continues the check-out process, the EAR 
compares each item bought on June's current trip and 
compares these with the unique items purchased on June's 
25 last trip or last two trips. June receives points for the 
current trip, cents off on certain items she bought in the 
current trip, new prize directory (loaded directly onto her 
chip card so she can view it on her PC later that evening) , 
and other rewards deemed important by the system sponsor.' 

The applications at work in this example are positive 
identification of the shopper, immediate reward offered to 
the shopper based on the bundle of goods in the cart, and 
future reward (s) established based on the goods being 
purchased on this trip. No other applications may be 
running on this card eliminating the need for a specific 
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applications or supervisory card. On the other hand, 
depending on the si 2e of the chain offering such a loyalty 
program, there may be strategic alliances established that 
provides for the participation of other merchants or other 
5 retail service providers. m turn, this could result in 
using the application card to prevent one merchant, say 
from viewing the shopping patterns of the cardholder at 
some other merchant's store (s) . 

While the invention system has been described in 
10 conjunction with specific embodiments thereof, it is 
evident that many alternatives, modifications, variations, 
and apPliCations will be apparent to those skilled in the 
art „ light of the foregoing description. Accordingly, it 
as intended to embrace all such alternatives, modifications 
and variations which fall within the spirit and scope of 
the appended system and method claims. 
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WHAT IS CLAIMED IS : 

1. An electronic data access and retrieval system 
comprising: 

at least first and second smart cards, a first card 
being encoded with at least one digital data field 
representative of predetermined information and a second 
card means including authorization codes for enabling 
access to and authorized retrieval of selected information 
from said digital data fields of said first card, said 
second card means being selected from an integrated circuit 
containing card or PROM or enabled system; 

computer means including display means for displaying 
the accessed data and having at least first and second 
smart card read/write means operatively connected to said 
computer means for reading data fields from and writing 
data fields to said first and second smart card means; 

whereby when the said first smart card is placed into 
said first read/write means and the said second smart card 
communicates with said second read/write means, access to 
and authorized retrieval of at least some of the data 
fields contained in the said first card is enabled and 
displayed. 

2 . The system of claim 1 wherein said second card 
means additionally contains at least one digital data field 
which can be accessed by additional separate second card 
means . 

3. A method of accessing and retrieving digital data 
information comprising the steps of: 

a) encoding a first smart card with a multiplicity of 
digital data fields representative of predetermined 
information; 
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b) encoding a second smart card means or reader 
capable system with authorization codes for enabling access 
to and authorized retrieval of selected data field 
information from said digital data fields of said first 
card; 

c) electronically reading said authorization codes 
from said second smart card means and retrieving said 
selected information from at least one of said digital data 
fields contained in said first smart card; and 

d) displaying the said selected information. 

4. The method of claim 2 wherein said second smart- 
card means includes at least one digital data field which 
can be accessed by yet other second smart card means. 
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